Carrier IQ Collects Data on Millions of Phones

December 1, 2011

Android app developer Trevor Eckhart posted a video to his YouTube account on Monday in which he claims to have discovered a hidden app in the handsets of several carriers. Eckhart claims that the app, Carrier IQ, collects a wide variety of user data, including keystrokes, location data, and text messages.

It remains unclear what the software does with the data it collects. While at least some of it is forwarded on to Carrier IQ’s servers, no one is quite sure how much. Regardless of what is done with the data, the fact that it is collected at all by a hidden piece of software with no option to opt-out is enough to unsettle many.

In the 17 minute video, posted below, Eckhart demonstrates the app recording his keystrokes and intercepting network data, even when sent via secure HTTPS protocol. In a public posting, Eckhart accused Carrier IQ’s software of being a rootkit – spyware designed to bypass certain operating system requirements. Eckhart noted that the app never asks permission to record user data, and is well hidden on most phones. On some, he said, the app has even been renamed so as to be undetectable.

The app was initially found on a variety of devices across carriers – Android, Blackberry, and Nokia phones all appear to have the app installed. Initial reports excluded iOS devices in the litany, though information has surfaced this morning that the app is in fact present on iPhones, but in a much tamer form. While in other handsets the software is active and recording at all times, with iPhones it appears only to activate when the phone is placed in diagnostic mode.

Though Carrier IQ seems reluctant to directly reply to requests for comment from the media, they have issued a statement on their website, wherein they claim that the app does not record keystrokes or location information, but rather tracks performance data in order “to assist operators and device manufacturers in delivering high quality products and services to their customers.”

Eckhart’s announcement comes on the heels of Carrier IQ withdrawing its threat of legal action over a post in which he originally called the software a rootkit. Carrier IQ threatened to sue, but withdrew and apologized when the Electronic Frontier Foundation took up Eckhart’s case.

Twitter backlash against the company has been strong. One user pointed out that the level of spying engaged in by Carrier IQ pales in comparison to the scandal caused by Apple’s location data controversy last year.

In another curious twist, the Verge is reporting this morning that although the Carrier IQ software is installed on a variety of Android-based devices, it is not present on Google’s own Nexus devices, nor on the first generation Xoom tablet.

Other Twitter users note that at this point, there appear to be fewer phones without Carrier IQ than there are with it.